Hi
!

Since the last time you logged in our privacy statement has been updated.

Hi
!

Since the last time you logged in our privacy statement has been updated.

We want to ensure that you are kept up to date with any changes and as such would ask that you take a moment to review the changes.You will not continue to receive KPMG subscriptions until you accept the changes.

Close

Hi!

A positive approach to cyber

A positive approach to cyber

Cyberattacks are a threat that can strike anywhere. Attitudes towards cybersecurity, however, are not identical around the world. This is clear in the 2017 CEO Outlook. Nordic CEOs are much more likely to see cybersecurity as an opportunity, rather than a threat. This may be counterintuitive to CEOs from other regions who are more likely to focus on cyber threats than the commercial opportunities from security products and services which they necessitate.

Related content

They are, for example, more likely than their global counterparts to believe that data security prompts innovation in products and services. Nearly all (94%) take this view, almost double the 53% of global CEOs who say the same.

Mika Laaksonen, KPMG Cyber Advisory Partner at KPMG in Finland, says that Nordic CEOs see data security as an integral part of new, innovative services. They are successful only if the client can trust them. For example, the buyers of cloud‑based HR systems tend to be conscious of the need for data privacy, especially in terms of sensitive data, and the compliance to EU’s General Data Protection Regulation (GDPR). They understand that they must be able to show their clients high standards of data security, and that their partners’ and suppliers’ standards are equally high. Nordic CEOs are more likely than their international counterparts to see revenue opportunities in such cyber risk mitigation. They are also more likely to see preparedness as part of their leadership role.

Laaksonen says that “CEOs are already seeing it as important to protect their assets properly. They are starting to see that they cannot hope for high customer satisfaction without cyber security, or privacy for that matter.”

Internet penetration creates higher expectations

This is likely helped by the fact that Nordic countries have very high levels of internet penetration. Denmark and Sweden top the league tables for online advertising spend and engagement by business, government and consumers. This means that the understanding of online security and how to mitigate it is commensurately greater than in regions where a smaller proportion of the economy is online.

The expectations of Nordic consumers are thus more evolved than the global average: Nordic firms have experience of the fact that businesses and consumers will spend money to keep information and other assets safe online. This is likely to contribute to Nordic CEOs’ understanding that cyber security can be a commercial opportunity as much as a threat. That does not mean that they believe they have the talent they need to take that opportunity, however. Human capital is a challenge: 73% of Nordic CEOs say it is the biggest obstacle to tackling cyber security, compared to 47% of the global benchmark.

Difference in preparedness for various attacks

Although Nordic CEOs are more confident in their companies’ preparedness for certain kinds of attacks, they are less confident about their firms’ readiness for others. Whereas 73% said they are ready for a distributed denial‑of-service attack – significantly higher than the 38% globally who said the same – the proportions who expressed readiness for a ransomware attack (39%), customer data theft (37%), data theft (45%), an employee-led data breach (29%) are lower than the global averages. Nordic CEOs, however, report greater readiness for an equipment or software attack (80%) or a social media hack (55%) compared to the global average.

Laaksonen believes that the Nordic view of cybersecurity is evolving.

“Over the years there have been some high‑profile incidents.”

He cites one example of a global firm based in the Nordics that had a few minor breaches, but was reluctant to implement a solution “because it would take effort and cost money.” Subsequently, however, the company was hacked again, lost four consultancy clients, over a thousand servers, and were forced to send their workforce home for many days. These kind of examples, coupled with the coming challenge of regulation, combine to form a picture of a region rapidly waking up to the issue of cybersecurity, but responding to it pragmatically and optimistically.